Lark Technologies: Privilege Escalation to All-staff group

A vulnerability was found where invited admins with only Company Info permissions were able to modify Staff group settings, including edit / access / delete all-staff, within the members and orgs tab. We thank @snapsec for reporting this to our team...